Nintendo World Report Forums

NWR Interactive => TalkBack => Topic started by: MegaByte on January 06, 2007, 04:16:03 PM

Title: Opera Browser Vulnerability Affects Wii Internet Channel
Post by: MegaByte on January 06, 2007, 04:16:03 PM
A recently revealed vulnerability in the desktop version of Opera 9 can also crash the Wii version.

On January 5th, Opera Software revealed two security bugs in version 9.0x of its internet browser.  Though patched in its most recently released version 9.10, the Internet Channel Trial Version used on the Wii is still affected since it is powered by Opera 9.0.  iDefense Labs, discoverer of the bugs, notified Opera Software on November 16th of last year.    


One of the bugs, a flaw in the way the browser handles a scalable vector graphics (SVG) JavaScript function, can not only crash the Opera web browser, but can also allow arbitrary code execution.  However, it is unclear whether this code execution can happen on the Wii version, though the crash (a hard freeze of the system) does indeed occur.  In theory, a malicious hacker could craft a special webpage, which when visited by a victim, would crash and potentially execute code on the Wii.    


The crash occurs because Opera does not properly validate the type of object passed to the JavaScript SVG function "createSVGTransformFromMatrix."  Though Opera mentions that users that have JavaScript disabled are not affected by the problem, this is not a possibility on the Wii version, and Wii users will have to wait for a patch or the final version, which is currently scheduled for the end March.

Title: RE: Opera Browser Vulnerability Affects Wii Internet Channel
Post by: IceCold on January 06, 2007, 07:08:46 PM
Hopefully they include Flash 9 compatibility as well..
Title: RE: Opera Browser Vulnerability Affects Wii Internet Channel
Post by: Smash_Brother on January 06, 2007, 07:55:38 PM
Wow, that sucks...

It'd be nice if they threw us a bone and gave us a patch here before someone figures out a way to "brick" Wiis over the internet.
Title: RE:Opera Browser Vulnerability Affects Wii Internet Channel
Post by: Nephilim on January 06, 2007, 08:51:30 PM
There is no proof the code can be activated on the wii, only thing proven is it makes it crash
Title: RE: Opera Browser Vulnerability Affects Wii Internet Channel
Post by: KDR_11k on January 06, 2007, 08:53:04 PM
The first problem for injecting code into the Wii is... Do you have a Wii compiler?
Title: RE: Opera Browser Vulnerability Affects Wii Internet Channel
Post by: Nick DiMola on January 06, 2007, 09:18:35 PM
I figured it was only a matter of time before some sort of vulnerability was exposed with the Wii Internet Channel. Of course there is the issue of not being able to compile Wii executable code as of now, but having any vulnerabilities at all is typically not a good thing. Hopefully this bug is worked out and all is well again.
Title: RE: Opera Browser Vulnerability Affects Wii Internet Channel
Post by: KDR_11k on January 06, 2007, 10:34:57 PM
Hm... arbitrary code injection on a console could be useful for homebrew...
Title: RE: Opera Browser Vulnerability Affects Wii Internet Channel
Post by: WPack911 on January 07, 2007, 02:10:30 AM
Whatever it's no big whoop since it will be fixed in the final version anyway.  
Title: RE: Opera Browser Vulnerability Affects Wii Internet Channel
Post by: BranDonk Kong on January 07, 2007, 03:04:44 AM
I was thinking the same thing as KDR. How awesome would it be if someone made a website that you could visit and the "vulnerability" would allow you to play homebrew software. Of course, there is no such thing as Wii homebrew at this time, just Gamecube homebrew that works on the Wii.
Title: RE:Opera Browser Vulnerability Affects Wii Internet Channel
Post by: Djunknown on January 07, 2007, 10:12:02 AM
The Wii browser crashing happened to me  few times. It happens if I'm on YouTube for an extended period of time. But this vulnerability has me paranoid...

Quote
The first problem for injecting code into the Wii is... Do you have a Wii compiler?


So that means no worries for the time being right? Surf and crash to your heart's content?
Title: RE: Opera Browser Vulnerability Affects Wii Internet Channel
Post by: therat on January 07, 2007, 01:32:47 PM
will the thread stop running after i turn off my wii?
Title: RE: Opera Browser Vulnerability Affects Wii Internet Channel
Post by: MegaByte on January 07, 2007, 02:33:14 PM
A compiler is not a prerequisite for injecting machine code.
Title: RE:Opera Browser Vulnerability Affects Wii Internet Channel
Post by: AnyoneEB on January 07, 2007, 04:27:04 PM
Quote
Originally posted by: KDR_11k
The first problem for injecting code into the Wii is... Do you have a Wii compiler?


Yes.